File php7-CVE-2021-21705.patch of Package php7.20329
Index: php-7.4.6/ext/filter/logical_filters.c
===================================================================
--- php-7.4.6.orig/ext/filter/logical_filters.c 2020-05-12 10:09:22.000000000 +0200
+++ php-7.4.6/ext/filter/logical_filters.c 2021-07-09 14:56:54.242534739 +0200
@@ -555,6 +555,22 @@ void php_filter_validate_domain(PHP_INPU
}
/* }}} */
+static int is_userinfo_valid(zend_string *str)
+{
+ const char *valid = "-._~!$&'()*+,;=:";
+ const char *p = ZSTR_VAL(str);
+ while (p - ZSTR_VAL(str) < ZSTR_LEN(str)) {
+ if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) {
+ p++;
+ } else if (*p == '%' && p - ZSTR_VAL(str) <= ZSTR_LEN(str) - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) {
+ p += 3;
+ } else {
+ return 0;
+ }
+ }
+ return 1;
+}
+
void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
{
php_url *url;
@@ -615,6 +631,15 @@ bad_url:
php_url_free(url);
RETURN_VALIDATION_FAILED
}
+
+ if (url->user != NULL && !is_userinfo_valid(url->user)
+ || url->pass != NULL && !is_userinfo_valid(url->pass)
+ ) {
+ php_url_free(url);
+ RETURN_VALIDATION_FAILED
+
+ }
+
php_url_free(url);
}
/* }}} */